Understanding document signing terminology. From audit trails to zero-knowledge proofs, find clear definitions for every term you will encounter.
A cryptographically secured, chronological log of every action performed on a document, stored immutably alongside the signed record. RatiVault's audit trail captures granular metadata — signer identity, device fingerprint, IP address, consent timestamp, and signature biometrics — to meet the record-keeping requirements of FCA SYSC, MiFID II, and PCI DSS. Audit trails are retained for the full regulatory retention period and can be exported in machine-readable formats.
The cryptographically verifiable record of every custodial transfer and access event for a document, from origination through the entire retention period. RatiVault enforces chain of custody through content-addressable storage, hash-based integrity verification at every access, and immutable audit logging. This meets the evidentiary standards required by financial regulators and ensures records remain admissible throughout multi-decade retention periods.
A PKI-based signature mechanism that creates a mathematically verifiable link between a signer's identity and the document content, ensuring tamper-evidence and non-repudiation for the lifetime of the record. Digital signatures in RatiVault are generated using FIPS 140-2 validated cryptographic modules. Every signed document includes an embedded cryptographic proof that can be independently verified decades after signing.
A cryptographically verifiable indication of consent attached to an electronic record, designed to meet the evidentiary and retention requirements of regulated financial services. Electronic signatures in RatiVault are captured with full metadata — timestamp, IP address, device fingerprint — and stored immutably alongside the signed document. This ensures audit-readiness throughout the entire document lifecycle.
An authorised individual who executes a document on behalf of themselves or an entity, creating binding obligations. In financial services, signatory authority is governed by mandates, board resolutions, and regulatory requirements such as the FCA's Senior Managers Regime. RatiVault records signatory capacity and authority level as part of the immutable audit trail.
An individual party required to execute their signature on a document within a regulated transaction. RatiVault assigns each signer a unique cryptographic token and captures comprehensive metadata — device information, geolocation (where permitted), IP address, and behavioural signals — to establish identity assurance for compliance purposes.
A handwritten ink signature on a physical document. Wet signatures present significant challenges for financial services: they are difficult to authenticate at scale, expensive to store in compliance with retention schedules, and vulnerable to loss or degradation. RatiVault provides a migration path from wet signatures to digitally verifiable alternatives that meet FCA and PRA record-keeping requirements.
The final stage of the document lifecycle — the controlled, audited process of permanently destroying records that have met their retention obligations. Disposition in a regulated environment requires formal authorisation, verification that no legal holds or regulatory investigations prevent destruction, and the creation of a destruction certificate for audit purposes. RatiVault automates disposition workflows with multi-level approval, hold checking, and immutable destruction audit records.
The complete sequence of stages a document passes through, from creation and execution through active use, retention, and eventual disposition. In regulated financial services, each lifecycle stage has specific compliance requirements — access controls during active use, integrity verification during retention, and audited destruction at disposition. RatiVault manages the entire document lifecycle with configurable policies, automated transitions, and comprehensive audit logging at every stage.
An electronic signature satisfying the four criteria of eIDAS Article 26 — unique linkage to the signatory, signatory identification, sole-control creation, and tamper-detection linkage to the signed data. AES provides stronger legal standing than SES while being more practical to deploy at scale than QES. RatiVault implements AES as the default signing level for regulated financial services transactions, capturing the evidence required to demonstrate compliance with each Article 26 requirement.
EU Regulation 910/2014 establishing the legal and technical framework for electronic signatures, seals, and trust services across the European Economic Area. eIDAS defines three signature tiers with ascending levels of legal presumption and is directly relevant to financial services firms operating across EU jurisdictions. RatiVault supports all eIDAS tiers and maintains the technical evidence required to demonstrate compliance to both UK and EU financial regulators.
The US federal law (2000) that provides legal recognition to electronic signatures and records in commerce, complemented by the Uniform Electronic Transactions Act (UETA) at the state level. For financial services firms with US operations or US counterparties, ESIGN compliance is a regulatory requirement. RatiVault captures the consent records, access logs, and retention metadata required to demonstrate ESIGN compliance to US regulators.
The highest assurance electronic signature under eIDAS, generated using a Qualified Electronic Signature Creation Device (QSCD) and a qualified certificate from an EU-listed Trust Service Provider. QES is the only electronic signature type that carries an automatic legal presumption of validity equivalent to a handwritten signature. RatiVault supports QES workflows for high-value financial transactions where maximum legal certainty is required by regulation or counterparty agreement.
The discipline of ensuring that an organisation's record-keeping practices meet the requirements of applicable laws, regulations, and industry standards. For financial services, records compliance encompasses FCA SYSC 9, MiFID II Article 16, SEC Rule 17a-4, and the firm's own information governance policies. RatiVault provides the infrastructure, automation, and reporting capabilities needed to demonstrate records compliance to auditors and regulators.
A formal policy defining how long different categories of records must be retained before they can be disposed of, based on legal requirements, regulatory obligations, and business needs. Financial services retention schedules are complex — MiFID II requires five years minimum for transaction records, while mortgage documentation may need to be retained for the life of the loan plus six years. RatiVault supports granular retention schedules that can be applied at the document type, client, or regulatory regime level.
The foundational tier of electronic signature as defined by eIDAS Article 3(10), encompassing any electronic data logically associated with signed content. SES carries no automatic legal presumption — its probative value depends on the quality of the surrounding evidence. RatiVault strengthens SES by capturing extensive audit metadata (IP address, device fingerprint, consent flow, timestamps) to build a comprehensive evidence package that maximises the signature's defensibility in regulatory or legal proceedings.
The set of policies, procedures, and technical measures that enable an organisation to recover its critical systems and data following a catastrophic event — whether natural disaster, cyberattack, or infrastructure failure. For financial services, disaster recovery plans must meet regulatory expectations for Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO). RatiVault's disaster recovery architecture includes cross-region replication, automated failover, and regular recovery testing to ensure signed records are never lost.
A document or data record that cannot be altered, overwritten, or deleted once it has been committed to storage. Immutability is enforced through a combination of write-once storage policies, cryptographic hash chaining, and access controls that prevent modification even by system administrators. RatiVault's immutable records satisfy the requirements of FCA SYSC 9, SEC Rule 17a-4, and MiFID II Article 16 for the preservation of unalterable business records.
A storage architecture designed for the long-term preservation of signed documents with cryptographic integrity guarantees. Vaulted storage in RatiVault means documents are encrypted at rest using AES-256, stored with redundancy across multiple availability zones, and subject to continuous integrity monitoring via hash verification. Once vaulted, a document's content cannot be modified — only accessed, verified, or, after the retention period, securely disposed of.
A storage tier optimised for the long-term retention of records that are no longer in active use but must be preserved for regulatory or legal purposes. Archival storage balances cost efficiency with the accessibility and integrity requirements of compliance. RatiVault's archival tier uses cold storage infrastructure with periodic integrity verification, ensuring that records remain accessible and unaltered throughout multi-decade retention periods at a fraction of active storage costs.
The guarantee that every single bit of a stored document remains unchanged from the moment of ingestion through the entire retention period. Bit-level integrity is verified through cryptographic hash comparison — the hash computed at retrieval must exactly match the hash computed at ingestion. RatiVault performs automated integrity checks on a rolling schedule and flags any discrepancies for immediate investigation, ensuring compliance with the immutability requirements of financial regulators.
A storage tier designed for infrequently accessed data, offering significantly lower cost than active storage while maintaining data durability and integrity. Cold storage typically has higher retrieval latency (minutes to hours) compared to hot storage. RatiVault uses cold storage for documents that have passed their active use period but are still within their regulatory retention window, optimising cost while ensuring records remain retrievable for audits or legal proceedings.
A mathematical demonstration, based on cryptographic primitives, that a specific assertion is true — such as proving that a document has not been modified since signing, or that a signature was created by a specific key holder at a specific time. RatiVault generates cryptographic proofs for every signed document, combining document hashes, signature data, and trusted timestamps into a verifiable evidence package that can be independently validated without reliance on the platform itself.
A one-way cryptographic function that produces a fixed-size digest from variable-length input, providing a fingerprint that is unique for practical purposes, since finding two different inputs with the same digest is computationally infeasible. RatiVault uses SHA-256 hashing at document ingestion and performs periodic integrity re-verification against stored hashes throughout the retention period. This bit-level integrity checking ensures that records remain demonstrably unaltered across multi-decade storage, satisfying the immutability requirements of financial regulators.
The primary, high-performance storage tier used for documents that are in active use or require immediate accessibility. Hot storage provides low-latency access (milliseconds) and is used for recently signed documents, documents under review, and records subject to frequent retrieval. RatiVault automatically manages the transition of documents from hot to cold storage based on access patterns and retention policies, balancing performance with cost efficiency.
A cryptographic trust framework comprising certificate authorities, key management systems, and validation services that enable the issuance and verification of digital certificates. PKI is the foundation of digital signatures in financial services, providing the mathematical guarantees of authenticity, integrity, and non-repudiation required by regulators. RatiVault's PKI implementation uses FIPS 140-2 validated modules and supports certificate chains from multiple qualified and non-qualified trust service providers.
A cryptographic integrity mechanism that binds document content, signature metadata, and timestamps into a verifiable package, making any subsequent modification immediately detectable. RatiVault's tamper-evident seals are designed for long-term validation — they remain verifiable for decades, even after signing certificates expire, through the use of archival timestamps and certificate chain embedding. This satisfies the immutability requirements of FCA, PRA, and SEC record-keeping rules.